During the past 15 years I have had lots of discussions with customers, partners, analysts and auditors about Cloud/SaaS and the unique opportunities – and challenges – this brings. I dare to say that I know this discussion fairly well, as I have sat on both sides of the table: sometimes representing the seller (in my case IBX Business Network’s SaaS solution) and at other times being the customer (buying a Cloud solution or service myself).

In selling and servicing procurement Cloud technologies, I’ve observed that customers are mainly represented by business specialists. It has often struck me how detached the buying professionals and their business decision makers are in their way of evaluating IT, Cloud and digital versus established business processes, when shopping for new technology solutions. The two – technology and processes – are often kept apart.

Paul Van Cotthem recently wrote on Pulse, everything is digital these days, thus we should stop using the “digital” prefix. He states: “People don’t take “digital” photographs or watch “digital” TV for the sake of them being digital”. He is right. In private life you shop your own platforms and applications and connect them to content or services without evening giving the “digital” or “Cloud” a thought. So why are we still making that “digital” distinction in the work life? In theory, we all know it’s no longer yesterday’s manual process + “something” digital in the Cloud. So why do so many procurement organizations employ a “Digital P2P Project Manager” or a “Chief Procurement Technology Officer” under their traditional C- and H-levels?

As digital and Cloud become the new normal, we must challenge ourselves and learn how to embrace and engage with technology as THE mechanism that can and will transform and continuously improve the business processes we are accountable for. In simple terms, it is our accountability on the business side to become tech-savvy, understanding what digital, cloud and IT mean to the business processes we own, as one. Once this happens, we will automatically stop calling it “digital” and likely use another prefix to describe what would then be abnormal: manual.

My humble opinion is that the root cause of why the same person can embrace digital as a norm to get things done in his or her private life, but struggle to do the very same behind the office desk, is a lack of knowledge in combination with a fear of failure. In this series of posts, I am going to offer some high level advice that can help you overcome some of this, starting today with things you should be especially observant of when shopping for SaaS solutions – beyond the traditional features and functions list. Tread carefully!

1. Know your (non-functional) requirements

This sounds like a no-brainer but in reality this is quite a different animal. Surprise, surprise, it is actually not the IT security guys or some person in legal or compliance who defines your non-functional requirements (things the solution should do outside its core functionality). So who is this? It is you, the person who is actually buying the SaaS solution.

You need to define the availability (when does the solution need to be up, you have to think about how much maximum downtime you can survive, what amount of data loss is acceptable to you), and you need to set the level of confidentiality (who should be able to access the data) and integrity (how do you make sure that the data is always correct and nobody has altered it without authorization) of your solution.

Your colleagues from security, legal and compliance will help you to understand and define these requirements and they will share organization policies and best practices. But ultimately it is you who needs to understand and drive this. Because in the end it is all about the risk you want to take. Only you can make this decision. In essence, not every solution needs a 24X7 SLA, data encryption at rest or two-factor authentication.

2. Beware of the SLA smoke and mirror tactic

So now you have defined your availability requirement. And your vendor promises a 99.9% availability. Four data centers in all continents? You’re safe, right?

Well, now it is time to read the fine print and ask your vendor the following questions if you’re not happy with what you are reading there:

What do you measure? Is it a measuring a single page or a full business transaction?

Can you share the documentation of your test case with me (ideally in a human-readable format)?

How often do you measure this?

From where do you measure it? From your data center or from multiple locations on the continents I do business in?

How many maintenance windows do you have and how long are they and do they count against the SLA?

How do you handle emergency security patching? Do they count against the SLA?

How do you report these SLAs to me? Monthly, quarterly, yearly?

Is the SLA calculated per month? Per quarter? Per year?

What is the maximum downtime that you can have?

How much data will you lose? If you replicated your data to protect against data loss, where do you replicate it to?

A respectable vendor will have no problem answering all these questions. But you might not like the answers and the SLA from the PowerPoint slides might turn out to be a very different beast in your contract.

Don’t necessarily assume that a big vendor will come up with the most satisfactory answers.

I had a case recently where the promised 99.5% availability actually became 96% because the vendor had a lot of weekly maintenance windows that didn’t count against the SLA. I am fully aware that you sometimes need disruptive maintenance windows but these should be few (e.g. three to four times a year).

And frankly speaking, if you need so many weekly maintenance windows, something is wrong with your architecture anyway.

So we didn’t buy this Cloud solution but opted to use another vendor – which unfortunately was significantly more expensive. But as they say: you get what you pay for.

I also had a case where a European vendor replicated their data from Europe to a disaster recovery center in the US. And only every four hours. This might not be a problem for some but for us that was a show stopper. My conclusion on SLAs: read the fine print, ask your colleagues in security and legal/compliance for help and then determine if you can accept the SLA and its associated risks – know your requirements.

3. Don’t throw the baby out with the bathwater

Many Cloud service providers will tell you to put all your eggs in one basket, claiming your current infrastructure is complex and diverse. As such, they will try to sell you a full solution from the Cloud. It’s often a very expensive route to take, with poor ROI, requiring huge change and implementation processes. Companies going for this approach may of course make the right choice depending on their unique starting point and maturity. But often, they have not assessed their own inventory, they do not know what´s already in their existing toolbox and what offerings on the market can be added, making the toolbox complete, up to date, delivering world-class results. Instead, they buy a new toolbox.

My experiences from procurement are that a surprisingly large portion of companies forget or disregard what they have bought (often depreciated in full) and now run in the server room.

For example, if you have supplier relationship management software or materials management functionality embedded in your ERP, must you throw it out because you want your end-users to have access to what today is perceived as a standard online shopping experience similar to Amazon but is not available with your existing system?

The answer is of course: No. You can buy a state-of-the-art application layer from one provider, run it from the Cloud, connect it to your existing – perhaps a bit old and clunky – on-premise infrastructure from another provider, and simply run them together. You can address entire workflows this way, or a series of process tasks. Buying SaaS is a mix-and-match game in 2016. You can combine old with new, on-premise, hybrid or Cloud. Digital and Cloud give you the ability to tune up, just as you do with a car, improving performance and increasing the value of something you already have in the garage.

Research your IT inventory to understand what and how you can leverage your existing investment simply adding cloud distributed application-like enhancers and accelerators compatible with your specific setup, before you throw the baby out with the bathwater.

In coming posts, I intend to continue to write about advice for business decision makers wanting to roll up their sleeves, engage in IT decisions and embrace technologies (related to procurement) focused on functionality and process business value. Feel free to reach out if there is any particular topic you would want to get on the agenda.

This article was written by Nicklas Brändström from CapGemini: BPO Thought Process and was legally licensed through the NewsCred publisher network.